Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/2cfdfd-1b3b-4aaa-bd82-3f78bc3de3a8/1/MaDS8-joEcAo6zZrve4qyKt9_MA.roa
File:                     MaDS8-joEcAo6zZrve4qyKt9_MA.roa (raw, json)
Hash identifier:          xT1YeTMUMUPt/jRAlRUdl6PIm7aXY3jJu/RwbOafDEw=
Subject key identifier:   31:A0:D2:F3:E8:E8:11:C0:28:EB:36:6B:BD:EE:2A:C8:AB:7D:FC:C0
Certificate issuer:       /CN=a55004661a09e2675fc1599d4e40027d778c404c
Certificate serial:       019B7AC7A1F3204A09340986A59DC8B3BFE7
Authority key identifier: A5:50:04:66:1A:09:E2:67:5F:C1:59:9D:4E:40:02:7D:77:8C:40:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pVAEZhoJ4mdfwVmdTkACfXeMQEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/2cfdfd-1b3b-4aaa-bd82-3f78bc3de3a8/1/MaDS8-joEcAo6zZrve4qyKt9_MA.roa
Signing time:             Thu 01 Jan 2026 18:17:42 +0000
ROA not before:           Thu 01 Jan 2026 18:17:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     56988
IP address blocks:        91.229.224.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/2cfdfd-1b3b-4aaa-bd82-3f78bc3de3a8/1/pVAEZhoJ4mdfwVmdTkACfXeMQEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/2cfdfd-1b3b-4aaa-bd82-3f78bc3de3a8/1/pVAEZhoJ4mdfwVmdTkACfXeMQEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pVAEZhoJ4mdfwVmdTkACfXeMQEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c7:a1:f3:20:4a:09:34:09:86:a5:9d:c8:b3:bf:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a55004661a09e2675fc1599d4e40027d778c404c
        Validity
            Not Before: Jan  1 18:17:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=31a0d2f3e8e811c028eb366bbdee2ac8ab7dfcc0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:9b:3e:e5:bd:c7:79:72:3c:42:86:bb:60:59:
                    09:87:0e:8e:99:c1:c6:21:1c:41:18:a5:db:6f:9e:
                    2a:e7:af:9e:fa:22:db:ca:39:84:eb:a6:b6:3d:f8:
                    6d:10:12:db:27:6d:08:90:e4:90:ba:41:27:c5:39:
                    e9:28:24:87:47:8c:f3:02:a0:90:67:76:76:b3:d5:
                    fc:fa:d5:6c:32:1c:bb:fc:44:48:8b:14:7c:65:31:
                    e3:4d:ed:39:0e:08:76:2a:cd:91:a9:8b:2b:14:07:
                    91:cc:89:22:d6:cb:f6:52:88:66:15:23:69:bc:ab:
                    fc:32:5a:5d:52:d5:22:8a:b4:d1:db:02:cc:b3:f9:
                    43:34:e3:a7:a1:c9:1b:f8:76:7d:89:30:6c:aa:64:
                    fb:29:c7:ae:52:d2:35:21:c4:be:cb:50:30:14:b2:
                    0e:07:1c:fe:c3:46:af:89:05:48:f0:88:b9:3f:cb:
                    e8:fe:93:cd:97:9a:7a:8e:3b:c6:63:75:2e:be:11:
                    ee:0c:40:55:30:2f:70:29:d3:0d:06:b8:82:a1:06:
                    ea:1a:7d:52:f2:0c:c7:af:60:d6:94:ee:1b:63:85:
                    a6:a1:d7:f8:59:7f:40:d9:59:6b:7f:bd:23:20:92:
                    ad:1e:5e:bf:7e:ca:93:2c:15:55:e7:44:ef:56:e3:
                    5e:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:A0:D2:F3:E8:E8:11:C0:28:EB:36:6B:BD:EE:2A:C8:AB:7D:FC:C0
            X509v3 Authority Key Identifier:
                keyid:A5:50:04:66:1A:09:E2:67:5F:C1:59:9D:4E:40:02:7D:77:8C:40:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pVAEZhoJ4mdfwVmdTkACfXeMQEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/2cfdfd-1b3b-4aaa-bd82-3f78bc3de3a8/1/MaDS8-joEcAo6zZrve4qyKt9_MA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/2cfdfd-1b3b-4aaa-bd82-3f78bc3de3a8/1/pVAEZhoJ4mdfwVmdTkACfXeMQEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.229.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:15:31:40:53:1b:7d:b8:65:dd:26:65:89:eb:54:01:c0:58:
         7c:bc:0d:66:e2:ce:25:e4:4e:06:25:d9:99:02:17:de:eb:a1:
         6a:04:ec:88:ec:b2:b7:7b:38:b9:3e:dd:5b:1a:6d:c1:3c:9e:
         42:ab:ae:bf:ff:d5:f8:79:50:da:d6:36:b1:7b:59:c3:a2:71:
         72:74:32:3a:dc:5b:46:d7:76:71:08:9e:27:51:ad:b7:f2:14:
         0f:6c:40:82:bc:83:82:87:aa:21:ab:25:07:0a:54:92:88:09:
         6e:76:9e:ef:55:51:c1:5f:ce:bf:1e:50:8b:ae:38:69:07:9a:
         fd:e2:ea:10:a0:42:cd:8b:70:65:e9:07:70:2c:4f:69:b8:8c:
         0c:f5:ab:19:e4:1e:87:2b:26:72:a4:97:0d:bb:2b:0a:80:04:
         bf:b5:0a:92:9b:cb:24:77:1f:df:ed:1b:9d:04:12:a9:d5:da:
         2e:f6:d1:95:58:98:65:a1:92:ff:67:ab:1b:ce:b7:bb:08:75:
         df:66:58:c6:0e:8e:df:7e:2f:78:3f:3d:bc:ca:1d:90:9d:f7:
         03:52:0a:dc:62:6b:75:46:ea:35:60:9a:11:0b:05:dd:7d:2a:
         e8:18:ae:59:ff:d0:3f:7d:5c:29:0e:f8:f9:f2:2f:b9:ec:01:
         af:97:18:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6x6HzIEoJNAmGpZ3Is7/nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NTAwNDY2MWEwOWUyNjc1ZmMxNTk5ZDRlNDAwMjdkNzc4
YzQwNGMwHhcNMjYwMTAxMTgxNzQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWEwZDJmM2U4ZTgxMWMwMjhlYjM2NmJiZGVlMmFjOGFiN2RmY2MwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtZs+5b3HeXI8Qoa7YFkJhw6OmcHG
IRxBGKXbb54q56+e+iLbyjmE66a2PfhtEBLbJ20IkOSQukEnxTnpKCSHR4zzAqCQ
Z3Z2s9X8+tVsMhy7/ERIixR8ZTHjTe05Dgh2Ks2RqYsrFAeRzIki1sv2UohmFSNp
vKv8MlpdUtUiirTR2wLMs/lDNOOnockb+HZ9iTBsqmT7KceuUtI1IcS+y1AwFLIO
Bxz+w0aviQVI8Ii5P8vo/pPNl5p6jjvGY3UuvhHuDEBVMC9wKdMNBriCoQbqGn1S
8gzHr2DWlO4bY4Wmodf4WX9A2Vlrf70jIJKtHl6/fsqTLBVV50TvVuNeMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDGg0vPo6BHAKOs2a73uKsirffzAMB8GA1UdIwQY
MBaAFKVQBGYaCeJnX8FZnU5AAn13jEBMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFZBRVpob0o0bWRmd1ZtZFRrQUNmWGVNUUV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8yY2ZkZmQtMWIzYi00YWFhLWJkODIt
M2Y3OGJjM2RlM2E4LzEvTWFEUzgtam9FY0FvNnpacnZlNHF5S3Q5X01BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8yY2ZkZmQtMWIzYi00YWFhLWJkODItM2Y3OGJjM2RlM2E4
LzEvcFZBRVpob0o0bWRmd1ZtZFRrQUNmWGVNUUV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+XgMA0G
CSqGSIb3DQEBCwUAA4IBAQCxFTFAUxt9uGXdJmWJ61QBwFh8vA1m4s4l5E4GJdmZ
Ahfe66FqBOyI7LK3ezi5Pt1bGm3BPJ5Cq66//9X4eVDa1jaxe1nDonFydDI63FtG
13ZxCJ4nUa238hQPbECCvIOCh6ohqyUHClSSiAludp7vVVHBX86/HlCLrjhpB5r9
4uoQoELNi3Bl6QdwLE9puIwM9asZ5B6HKyZypJcNuysKgAS/tQqSm8skdx/f7Rud
BBKp1dou9tGVWJhloZL/Z6sbzre7CHXfZljGDo7ffi94Pz28yh2QnfcDUgrcYmt1
Ruo1YJoRCwXdfSroGK5Z/9A/fVwpDvj58i+57AGvlxgt
-----END CERTIFICATE-----